Cross Cutting Thrusts: Usable Privacy and Security
Scope: We all have too many passwords to manage. To cope, people tend to write down passwords, reuse passwords, or choose very weak but memorable passwords. This problem will only get worse as the number of applications, devices, and services we use increase. Our observation is that currently, logins all require the same level of difficulty. We are investigating how we can modulate the difficulty of logins based on the context of the situation, focusing on simplifying the login process for “normal” situations that are likely to be safe. For example, logging in on your laptop at home, on your regular WiFi network, with your mobile phone and regular set of devices nearby, your laptop might only require what we call a casual form of authentication, such as a picture of your face. Conversely, in unusual situations, such as when traveling, you might be required to present more credentials.
Outcomes: We are in the early stages of designing and evaluating a system for casual authentication. We have conducted a diary study showing that the majority of people login only at work or at home, and on their own personal computers. We are currently examining what technical approaches there are for detecting “safe” contexts, as well as what attacks people might exploit to penetrate simplified logins